The Dutch government has revealed that hackers have issued fake security certificates for organisations like the CIA, Mossad, MI6, Google, Microsoft and Twitter.
The hackers, who are believed to be aligned to Iran, broke into the systems of Dutch security firm DigiNotar, which is authorised to issue certificates that authenticate web sites.
Users in Iran are being encouraged to log out of their online programs and change their passwords.
Having access to the fake certificates could allow the hacker to steer traffic to a bogus site, or to monitor traffic on the real site.
As a result of the hack, the Dutch government says it cannot guarantee the security of its own sites and is looking for alternative solutions.